CVE-2006-2546
First published: Tue May 23 2006(Updated: )
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-2546?
CVE-2006-2546 is considered a high severity vulnerability due to the potential for attackers to gain administrative privileges.
How do I fix CVE-2006-2546?
To mitigate CVE-2006-2546, ensure that the administrator password is not stored in cleartext and follow the recommended password reset mechanisms post-October 10, 2005.
What versions of BEA WebLogic Server are affected by CVE-2006-2546?
CVE-2006-2546 specifically affects BEA WebLogic Server version 8.1.
What are the potential risks associated with CVE-2006-2546?
The risks of CVE-2006-2546 include unauthorized access to administrative functions and sensitive data exposure.
Is there a workaround for CVE-2006-2546?
A workaround for CVE-2006-2546 includes manually changing the stored password to ensure it is securely hashed rather than stored in cleartext.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/8.1